Debiao He

Robust Biometrics-Based Authentication Scheme for Multiserver Environment

The authentication scheme is an important cryptographic mechanism, through which two communication parties could authenticate each other in the open network environment. To satisfy the requirement of practical applications, many authentication schemes using passwords and smart cards have been proposed. However, passwords might be divulged or forgotten, and smart cards might be shared, lost, or stolen. In contrast, biometric methods, such as fingerprints or iris scans, have no such drawbacks. Therefore, biometrics-based authentication schemes gain wide attention. In this paper, we propose a biometrics-based authentication scheme for multiserver environment using elliptic curve cryptography. To the best of our knowledge, the proposed scheme is the first truly three-factor authenticated scheme for multiserver environment. We also demonstrate the completeness of the proposed scheme using the Burrows-Abadi-Needham logic.

Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment

Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.s scheme and Lis scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

Anonymous Authentication for Wireless Body Area Networks With Provable Security

Advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless body area network (WBAN) to become a promising networking paradigm. Over the last decade, as an important part of the Internet of Things, we have witnessed WBANs playing an increasing role in modern medical systems because of its capabilities to collect real-time biomedical data through intelligent medical sensors in or around the patients’ body and send the collected data to remote medical personnel for clinical diagnostics. WBANs not only bring us conveniences but also bring along the challenge of keeping data’s confidentiality and preserving patients’ privacy. In the past few years, several anonymous authentication (AA) schemes for WBANs were proposed to enhance security by protecting patients’ identities and by encrypting medical data. However, many of these schemes are not secure enough. First, we review the most recent AA scheme for WBANs and point out that it is not secure for medical applications by proposing an impersonation attack. After that, we propose a new AA scheme for WBANs and prove that it is provably secure. Our detailed analysis results demonstrate that our proposed AA scheme not only overcomes the security weaknesses in previous schemes but also has the same computation costs at a client side.

A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks

With an advancement of wireless communication technology, wireless sensor network (WSN) has emerged as one of the most powerful technologies which can be used in various applications, such as military surveillance, environment monitoring, industrial control, and medical monitoring. WSNs are vulnerable to large collection of attacks than traditional networks because they transmit data using a wireless channel and are deployed in unattended environments. So, in this environment, how to ensure secure communications between different communication parties becomes a challenging issue with respect to the constraints of energy consumption, and large overhead generated during various operations performed. In this direction, the mutual authentication and key agreement (MAAKA) scheme attracts much attention in recent years. In literature, MAAKA schemes were presented in last several years. However, most of these schemes cannot satisfy security requirements in WSNs. Recently, Xue et al. proposed a temporal-credential-based MAAKA scheme for WSNs and proved that it could withstand various types of attacks. However, this paper points out that Xue et al.s MAAKA scheme is vulnerable to the off-line password guessing attack, the user impersonation attack, the sensor node impersonation attack and the modification attack. Moreover, this paper also points out that Xue et al.s MAAKA scheme cannot provide user anonymity. To overcome weaknesses in Xue et al.s MAAKA scheme, this paper proposes a new temporal-credential-based MAAKA scheme for WSNs. Security analysis shows the proposed MAAKA scheme could overcome the weaknesses in Xue et al.s MAAKA scheme. Performance analysis shows the proposed MAAKA scheme has better performance than the existing benchmarked schemes in literature. Therefore, the proposed MAAKA scheme is more suitable for providing security for various applications in WSNs.

Authentication protocol for an ambient assisted living system

Recent advances in healthcare technologies along with improved medical care have led to a steady increase in life expectancy over the past few decades. As a result, we have been witnessing a significant growth in the number of elderly people around the world. Ensuring a comfortable living environment for elderly people has gained much attention in recent years. By leveraging information and communication technologies, the AAL system shows great promise in satisfying many requirements of elderly people and enables them to live safely, securely, healthily, and independently. Over the last few years various AAL systems, mostly based on Wireless Body Area Network technologies, have been proposed to improve the quality of life of elderly people. Since the information transmitted in AAL systems is very personal, the security and privacy of such data are becoming important issues that must be dealt with. We first discuss the overall system architecture of a typical AAL system and its associated security requirements. Next we propose an efficient authentication protocol for the AAL system and describe how it meets various security requirements. Finally we compare the performance of the proposed authentication protocol with two other recent authentication protocols and demonstrate its superior efficiency.

An Analysis of RFID Authentication Schemes for Internet of Things in Healthcare Environment Using Elliptic Curve Cryptography

Advances in information and communication technologies have led to the emergence of Internet of Things (IoT). In the healthcare environment, the use of IoT technologies brings convenience to physicians and patients as they can be applied to various medical areas (such as constant real-time monitoring, patient information management, medical emergency management, blood information management, and health management). The radio-frequency identification (RFID) technology is one of the core technologies of IoT deployments in the healthcare environment. To satisfy the various security requirements of RFID technology in IoT, many RFID authentication schemes have been proposed in the past decade. Recently, elliptic curve cryptography (ECC)-based RFID authentication schemes have attracted a lot of attention and have been used in the healthcare environment. In this paper, we discuss the security requirements of RFID authentication schemes, and in particular, we present a review of ECC-based RFID authentication schemes in terms of performance and security. Although most of them cannot satisfy all security requirements and have satisfactory performance, we found that there are three recently proposed ECC-based authentication schemes suitable for the healthcare environment in terms of their performance and security.

An Efficient Identity-Based Conditional Privacy-Preserving Authentication Scheme for Vehicular Ad Hoc Networks

By broadcasting messages about traffic status to vehicles wirelessly, a vehicular ad hoc network (VANET) can improve traffic safety and efficiency. To guarantee secure communication in VANETs, security and privacy issues must be addressed before their deployment. The conditional privacy-preserving authentication (CPPA) scheme is suitable for solving security and privacy-preserving problems in VANETs, because it supports both mutual authentication and privacy protection simultaneously. Many identity-based CPPA schemes for VANETs using bilinear pairings have been proposed over the last few years to enhance security or to improve performance. However, it is well known that the bilinear pairing operation is one of the most complex operations in modern cryptography. To achieve better performance and reduce computational complexity of information processing in VANET, the design of a CPPA scheme for the VANET environment that does not use bilinear paring becomes a challenge. To address this challenge, we propose a CPPA scheme for VANETs that does not use bilinear paring and we demonstrate that it could supports both the mutual authentication and the privacy protection simultaneously. Our proposed CPPA scheme retains most of the benefits obtained with the previously proposed CPPA schemes. Moreover, the proposed CPPA scheme yields a better performance in terms of computation cost and communication cost making it be suitable for use by the VANET safety-related applications.

An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings

With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client-server environment, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for mobile client-server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in random oracle model. Based on Wu et al.s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at the both of client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for mobile client-server environment. Performance analysis shows that our protocol has better performance than Wu et al.s protocol and Yoon et al.s protocol. Then our protocol is more suited for mobile client-server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.

A privacy preserving three-factor authentication protocol for e-Health clouds

E-Health clouds are gaining increasing popularity by facilitating the storage and sharing of big data in healthcare. However, such an adoption also brings about a series of challenges, especially, how to ensure the security and privacy of highly sensitive health data. Among them, one of the major issues is authentication, which ensures that sensitive medical data in the cloud are not available to illegal users. Three-factor authentication combining password, smart card and biometrics perfectly matches this requirement by providing high security strength. Recently, Wu et al. proposed a three-factor authentication protocol based on elliptic curve cryptosystem which attempts to fulfill three-factor security and resist various existing attacks, providing many advantages over existing schemes. However, we first show that their scheme is susceptible to user impersonation attack in the registration phase. In addition, their scheme is also vulnerable to offline password guessing attack in the login and password change phase, under the condition that the mobile device is lost or stolen. Furthermore, it fails to provide user revocation when the mobile device is lost or stolen. To remedy these flaws, we put forward a robust three-factor authentication protocol, which not only guards various known attacks, but also provides more desired security properties. We demonstrate that our scheme provides mutual authentication using the Burrows–Abadi–Needham logic.

Enhanced three-factor security protocol for consumer USB mass storage devices

The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs.